#include <openssl/aes.h>
#include <openssl/rand.h>
#include <openssl/core_names.h>
+#include <openssl/core_numbers.h>
#include <openssl/provider.h>
#include "ssltestlib.h"
#include "internal/ktls.h"
#include "../ssl/ssl_local.h"
+/* Defined in filterprov.c */
+OSSL_provider_init_fn filter_provider_init;
+int filter_provider_set_filter(int operation, const char *name);
+
DEFINE_STACK_OF(OCSP_RESPID)
DEFINE_STACK_OF(X509)
DEFINE_STACK_OF(X509_NAME)
static char *certsdir = NULL;
static char *cert = NULL;
static char *privkey = NULL;
+static char *cert2 = NULL;
+static char *privkey2 = NULL;
static char *srpvfile = NULL;
static char *tmpfilename = NULL;
#define MSG6 "test"
#define MSG7 "message."
-#define TLS13_AES_256_GCM_SHA384_BYTES ((const unsigned char *)"\x13\x02")
#define TLS13_AES_128_GCM_SHA256_BYTES ((const unsigned char *)"\x13\x01")
+#define TLS13_AES_256_GCM_SHA384_BYTES ((const unsigned char *)"\x13\x02")
+#define TLS13_CHACHA20_POLY1305_SHA256_BYTES ((const unsigned char *)"\x13\x03")
+#define TLS13_AES_128_CCM_SHA256_BYTES ((const unsigned char *)"\x13\x04")
+#define TLS13_AES_128_CCM_8_SHA256_BYTES ((const unsigned char *)"\x13\05")
static SSL_SESSION *create_a_psk(SSL *ssl)
return testresult;
}
+/*
+ * Test TLSv1.3 PSK can be used to send early_data with all 5 ciphersuites
+ * idx == 0: Test with TLS1_3_RFC_AES_128_GCM_SHA256
+ * idx == 1: Test with TLS1_3_RFC_AES_256_GCM_SHA384
+ * idx == 2: Test with TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
+ * idx == 3: Test with TLS1_3_RFC_AES_128_CCM_SHA256
+ * idx == 4: Test with TLS1_3_RFC_AES_128_CCM_8_SHA256
+ */
+static int test_early_data_psk_with_all_ciphers(int idx)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ SSL_SESSION *sess = NULL;
+ unsigned char buf[20];
+ size_t readbytes, written;
+ const SSL_CIPHER *cipher;
+ const char *cipher_str[] = {
+ TLS1_3_RFC_AES_128_GCM_SHA256,
+ TLS1_3_RFC_AES_256_GCM_SHA384,
+# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+ TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
+# else
+ NULL,
+# endif
+ TLS1_3_RFC_AES_128_CCM_SHA256,
+ TLS1_3_RFC_AES_128_CCM_8_SHA256
+ };
+ const unsigned char *cipher_bytes[] = {
+ TLS13_AES_128_GCM_SHA256_BYTES,
+ TLS13_AES_256_GCM_SHA384_BYTES,
+# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+ TLS13_CHACHA20_POLY1305_SHA256_BYTES,
+# else
+ NULL,
+# endif
+ TLS13_AES_128_CCM_SHA256_BYTES,
+ TLS13_AES_128_CCM_8_SHA256_BYTES
+ };
+
+ if (cipher_str[idx] == NULL)
+ return 1;
+ /* Skip ChaCha20Poly1305 as currently FIPS module does not support it */
+ if (idx == 2 && is_fips == 1)
+ return 1;
+
+ /* We always set this up with a final parameter of "2" for PSK */
+ if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
+ &serverssl, &sess, 2)))
+ goto end;
+
+ if (!TEST_true(SSL_set_ciphersuites(clientssl, cipher_str[idx]))
+ || !TEST_true(SSL_set_ciphersuites(serverssl, cipher_str[idx])))
+ goto end;
+
+ /*
+ * 'setupearly_data_test' creates only one instance of SSL_SESSION
+ * and assigns to both client and server with incremented reference
+ * and the same instance is updated in 'sess'.
+ * So updating ciphersuite in 'sess' which will get reflected in
+ * PSK handshake using psk use sess and find sess cb.
+ */
+ cipher = SSL_CIPHER_find(clientssl, cipher_bytes[idx]);
+ if (!TEST_ptr(cipher) || !TEST_true(SSL_SESSION_set_cipher(sess, cipher)))
+ goto end;
+
+ SSL_set_connect_state(clientssl);
+ if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
+ &written)))
+ goto end;
+
+ if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
+ &readbytes),
+ SSL_READ_EARLY_DATA_SUCCESS)
+ || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1))
+ || !TEST_int_eq(SSL_get_early_data_status(serverssl),
+ SSL_EARLY_DATA_ACCEPTED)
+ || !TEST_int_eq(SSL_connect(clientssl), 1)
+ || !TEST_int_eq(SSL_accept(serverssl), 1))
+ goto end;
+
+ /* Send some normal data from client to server */
+ if (!TEST_true(SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written))
+ || !TEST_size_t_eq(written, strlen(MSG2)))
+ goto end;
+
+ if (!TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
+ || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
+ goto end;
+
+ testresult = 1;
+ end:
+ SSL_SESSION_free(sess);
+ SSL_SESSION_free(clientpsk);
+ SSL_SESSION_free(serverpsk);
+ clientpsk = serverpsk = NULL;
+ if (clientssl != NULL)
+ SSL_shutdown(clientssl);
+ if (serverssl != NULL)
+ SSL_shutdown(serverssl);
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ return testresult;
+}
+
/*
* Test that a server that doesn't try to read early data can handle a
* client sending some.
return testresult;
}
+/*
+ * Test incorrect shutdown.
+ * Test 0: client does not shutdown properly,
+ * server does not set SSL_OP_IGNORE_UNEXPECTED_EOF,
+ * server should get SSL_ERROR_SSL
+ * Test 1: client does not shutdown properly,
+ * server sets SSL_OP_IGNORE_UNEXPECTED_EOF,
+ * server should get SSL_ERROR_ZERO_RETURN
+ */
+static int test_incorrect_shutdown(int tst)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ char buf[80];
+ BIO *c2s;
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), 0, 0,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ if (tst == 1)
+ SSL_CTX_set_options(sctx, SSL_OP_IGNORE_UNEXPECTED_EOF);
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE)))
+ goto end;
+
+ c2s = SSL_get_rbio(serverssl);
+ BIO_set_mem_eof_return(c2s, 0);
+
+ if (!TEST_false(SSL_read(serverssl, buf, sizeof(buf))))
+ goto end;
+
+ if (tst == 0 && !TEST_int_eq(SSL_get_error(serverssl, 0), SSL_ERROR_SSL) )
+ goto end;
+ if (tst == 1 && !TEST_int_eq(SSL_get_error(serverssl, 0), SSL_ERROR_ZERO_RETURN) )
+ goto end;
+
+ testresult = 1;
+
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
+
/*
* Test bi-directional shutdown.
* Test 0: TLSv1.2
return testresult;
}
+#ifndef OPENSSL_NO_EC
+/*
+ * Test that if signature algorithms are not available, then we do not offer or
+ * accept them.
+ * Test 0: Two RSA sig algs available: both RSA sig algs shared
+ * Test 1: The client only has SHA2-256: only SHA2-256 algorithms shared
+ * Test 2: The server only has SHA2-256: only SHA2-256 algorithms shared
+ * Test 3: An RSA and an ECDSA sig alg available: both sig algs shared
+ * Test 4: The client only has an ECDSA sig alg: only ECDSA algorithms shared
+ * Test 5: The server only has an ECDSA sig alg: only ECDSA algorithms shared
+ */
+static int test_sigalgs_available(int idx)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ OPENSSL_CTX *tmpctx = OPENSSL_CTX_new();
+ OPENSSL_CTX *clientctx = libctx, *serverctx = libctx;
+ OSSL_PROVIDER *filterprov = NULL;
+ int sig, hash;
+
+ if (!TEST_ptr(tmpctx))
+ goto end;
+
+ if (idx != 0 && idx != 3) {
+ if (!TEST_true(OSSL_PROVIDER_add_builtin(tmpctx, "filter",
+ filter_provider_init)))
+ goto end;
+
+ filterprov = OSSL_PROVIDER_load(tmpctx, "filter");
+ if (!TEST_ptr(filterprov))
+ goto end;
+
+ if (idx < 3) {
+ /*
+ * Only enable SHA2-256 so rsa_pss_rsae_sha384 should not be offered
+ * or accepted for the peer that uses this libctx. Note that libssl
+ * *requires* SHA2-256 to be available so we cannot disable that. We
+ * also need SHA1 for our certificate.
+ */
+ if (!TEST_true(filter_provider_set_filter(OSSL_OP_DIGEST,
+ "SHA2-256:SHA1")))
+ goto end;
+ } else {
+ if (!TEST_true(filter_provider_set_filter(OSSL_OP_SIGNATURE,
+ "ECDSA"))
+ || !TEST_true(filter_provider_set_filter(OSSL_OP_KEYMGMT,
+ "EC:X25519:X448")))
+ goto end;
+ }
+
+ if (idx == 1 || idx == 4)
+ clientctx = tmpctx;
+ else
+ serverctx = tmpctx;
+ }
+
+ cctx = SSL_CTX_new_with_libctx(clientctx, NULL, TLS_client_method());
+ sctx = SSL_CTX_new_with_libctx(serverctx, NULL, TLS_server_method());
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(),
+ TLS1_VERSION,
+ 0,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ if (idx < 3) {
+ if (!SSL_CTX_set1_sigalgs_list(cctx,
+ "rsa_pss_rsae_sha384"
+ ":rsa_pss_rsae_sha256")
+ || !SSL_CTX_set1_sigalgs_list(sctx,
+ "rsa_pss_rsae_sha384"
+ ":rsa_pss_rsae_sha256"))
+ goto end;
+ } else {
+ if (!SSL_CTX_set1_sigalgs_list(cctx, "rsa_pss_rsae_sha256:ECDSA+SHA256")
+ || !SSL_CTX_set1_sigalgs_list(sctx,
+ "rsa_pss_rsae_sha256:ECDSA+SHA256"))
+ goto end;
+ }
+
+ if (!TEST_int_eq(SSL_CTX_use_certificate_file(sctx, cert2,
+ SSL_FILETYPE_PEM), 1)
+ || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(sctx,
+ privkey2,
+ SSL_FILETYPE_PEM), 1)
+ || !TEST_int_eq(SSL_CTX_check_private_key(sctx), 1))
+ goto end;
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ /* For tests 0 and 3 we expect 2 shared sigalgs, otherwise exactly 1 */
+ if (!TEST_int_eq(SSL_get_shared_sigalgs(serverssl, 0, &sig, &hash, NULL,
+ NULL, NULL),
+ (idx == 0 || idx == 3) ? 2 : 1))
+ goto end;
+
+ if (!TEST_int_eq(hash, idx == 0 ? NID_sha384 : NID_sha256))
+ goto end;
+
+ if (!TEST_int_eq(sig, (idx == 4 || idx == 5) ? EVP_PKEY_EC
+ : NID_rsassaPss))
+ goto end;
+
+ testresult = 1;
+
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ OSSL_PROVIDER_unload(filterprov);
+ OPENSSL_CTX_free(tmpctx);
+
+ return testresult;
+}
+#endif /* OPENSSL_NO_EC */
+
+
OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config\n")
int setup_tests(void)
cert = test_mk_file_path(certsdir, "servercert.pem");
if (cert == NULL)
- return 0;
+ goto err;
privkey = test_mk_file_path(certsdir, "serverkey.pem");
- if (privkey == NULL) {
- OPENSSL_free(cert);
- return 0;
- }
+ if (privkey == NULL)
+ goto err;
+
+ cert2 = test_mk_file_path(certsdir, "server-ecdsa-cert.pem");
+ if (cert2 == NULL)
+ goto err;
+
+ privkey2 = test_mk_file_path(certsdir, "server-ecdsa-key.pem");
+ if (privkey2 == NULL)
+ goto err;
#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_KTLS) \
&& !defined(OPENSSL_NO_SOCK)
ADD_ALL_TESTS(test_early_data_skip_abort, 3);
ADD_ALL_TESTS(test_early_data_not_sent, 3);
ADD_ALL_TESTS(test_early_data_psk, 8);
+ ADD_ALL_TESTS(test_early_data_psk_with_all_ciphers, 5);
ADD_ALL_TESTS(test_early_data_not_expected, 3);
# ifndef OPENSSL_NO_TLS1_2
ADD_ALL_TESTS(test_early_data_tls1_2, 3);
ADD_ALL_TESTS(test_ssl_get_shared_ciphers, OSSL_NELEM(shared_ciphers_data));
ADD_ALL_TESTS(test_ticket_callbacks, 16);
ADD_ALL_TESTS(test_shutdown, 7);
+ ADD_ALL_TESTS(test_incorrect_shutdown, 2);
ADD_ALL_TESTS(test_cert_cb, 6);
ADD_ALL_TESTS(test_client_cert_cb, 2);
ADD_ALL_TESTS(test_ca_names, 3);
ADD_ALL_TESTS(test_multiblock_write, OSSL_NELEM(multiblock_cipherlist_data));
#endif
ADD_ALL_TESTS(test_servername, 10);
+#ifndef OPENSSL_NO_EC
+ ADD_ALL_TESTS(test_sigalgs_available, 6);
+#endif
return 1;
+
+ err:
+ OPENSSL_free(cert);
+ OPENSSL_free(privkey);
+ OPENSSL_free(cert2);
+ OPENSSL_free(privkey2);
+ return 0;
}
void cleanup_tests(void)
{
OPENSSL_free(cert);
OPENSSL_free(privkey);
+ OPENSSL_free(cert2);
+ OPENSSL_free(privkey2);
bio_s_mempacket_test_free();
bio_s_always_retry_free();
OSSL_PROVIDER_unload(defctxnull);